Tweaks to both of these programs.

testing/sniffstream

@@ -53,9 +53,10 @@ while( <STDIN> ) {
     $source = $2;
     $dest = $3;
   }
-  elsif ( /^\s+(0x....):\s(( [0-9a-f]{4}){1,8})/ ) {
+  elsif ( /^\s+(0x....):\s(( [0-9a-f]{4}){1,8})/i ) {
     my $pos = hex($1);
     my $hex = $2;
+    next unless defined($hex);
 
     if ( $pos == 64 ) {
       $hex = substr( $hex, 10 );

testing/watch-port-80.sh

@@ -3,4 +3,26 @@
 PORT=${1:-"80"}
 IFACE=${2:-"any"}
 
-sudo tcpdump -i $IFACE -s0 -l -n -q -A "tcp port ${PORT} and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)"
+# Only include packets that contain data
+NOTSYNFIN=" and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)"
+DUMP="tcp port ${PORT}"
+
+IPCLAUSE=""
+if [ "${IFACE}" != "any" ]; then
+  IP="`ip addr show dev wlan0 | grep ' inet ' | tr -s ' ' | cut -f3 -d' ' | cut -f1 -d'/'`"
+  IPCLAUSE=" and ((src host ${IP} and src port ${PORT}) or (dst host ${IP} and dst port ${PORT}))"
+fi
+
+DUMPFILE="dumps/`date '+%FT%T'`.dump"
+
+# touch "${DUMPFILE}"
+sudo tcpdump -i $IFACE -s0 -l -n -q -A "${DUMP}${NOTSYNFIN}${IPCLAUSE}" >"${DUMPFILE}" 2>&1 &
+DUMPPID="$!"
+
+less "${DUMPFILE}"
+
+sudo kill "${DUMPPID}"
+
+if [ "`stat --format='%s' \"${DUMPFILE}\"`" -le 230 ] ; then
+  rm "${DUMPFILE}"
+fi